The above diagram was created in Microsoft Visio and illustrates the current security risks that the VIC Government must consider in developing the information system. Threats the VIC Government must consider for the project include malware, Trojans and spyware. The threats acting as barriers to the development of the information system are categorized into accidental and deliberate threats, and further into internal and external risks. The information security guideline of the VIC Government must be included in the development process to control the risk associated with the system. The diagram thus defines the different steps of the risk assessment and treats the basic risk associated with the development of the system. The flow of the risk helps to identify the risks and the concerns associated with them.
The risks associated with the development of the information system are categorized as high, medium, medium-low and low. The areas of risk in each category are described below:
High Risk - These are the risks that cannot be controlled by the VIC Government and that affect the system negatively. They must be mitigated or evaded as soon as they are analyzed so that the system can be developed efficiently.
Medium Risk - Financial and intruder attacks can be considered medium risks, and precautions can be taken so that this type of risk does not arise. The error can be rectified, and thus they are considered medium risks for the information system.
Medium Low - Risks acting on the information system due to human error and any irrelevant activity, such as missing the schedule and incurring extra cost in the development process.
Low Risk - These risks are not directly associated with the information system and have low impact. An example is the non-availability of team members.
Deliberate Threats
The deliberate threats related to the advancement of the project are risks that do not directly affect the information system but can affect it from different points, such as denial-of-service attacks, eavesdropping, sabotage, unauthorised access to data, etc. The potential of the attacker must be considered in the development of the system, as must the effect of the deliberate threats (Cpdp.vic.gov.au., 2017). The data in the system's database can be modified, and such threats can arise from different sources such as hackers, contractors, customers, extortionists, foreign agents and activists. The result of the deliberate threats can be non-availability of the system and its resources, and loss of confidentiality, accountability and integrity of the information system.
The accidental threats are threats that are not directly associated with the system and can arise at any point during the development of the information system. They may occur due to a minor error by a team member, a sudden breakdown of a machine or the unavailability of team members (Bernardo, 2012). The error may be due to the occurrence of a hazard (for example, a system crash because of a programming error) or may expose a vulnerability (for example, a computer screen left unattended may be abused by an unauthorised user).
A particularly important threat, often accidental, is increased vulnerability through incorrectly configured or outdated security controls or exploitable software, for instance operating systems and databases without up-to-date “patches” (Chance & Brooks, 2015).
The accidental threats associated with the development of the information system are listed as follows:
The threats found during the feasibility study for the development of the information system for the VIC Government are ranked according to their severity and impact on the development process. Generally, the deliberate threats have a high impact on the development process as they are directly linked with the software development life cycle (Glendon, Clarke & McKenna, 2016). The accidental threats are ranked as medium or low because they do not affect the system directly. On close examination, it is concluded that the target degree can reasonably influence the risk within the coming ten years; however, in the event of deliberate, accidental and natural threats, the impact of the threats on the ISMS is presented below:
The deliberate threats associated with the system cannot be controlled easily and their impact is very high; thus they must be mitigated in the early stages of development of the ISMS.
The accidental threats are considered high because they are not directly associated with the development of the system and the risk can change at any time during the development of the system. Any human error identified must be resolved immediately to increase the efficiency of the system.
The rankings are given in light of the threats and their effect on the VIC Government information system. A high ranking is given in the case of the deliberate threats because most of the risk related to the security of information is associated with this kind of threat. This kind of threat affects the VIC Government greatly.
The accidental threats are ranked as high because these kinds of threats are not associated with the VIC Government directly. Human errors can happen deliberately or accidentally, and therefore there is less risk associated with this threat.
The VIC Government faces different challenges when taking decisions about risk management, and it must be done internally or externally to manage information security (Hopkin, 2014). The vulnerabilities of the information system are analyzed to gain visibility of the potential areas. The challenges associated with the development of the information system are categorized below:
External threats - An external team can be assigned to develop the information system and manage the different risks, increasing the efficiency of the development process. The involvement of a consultant helps in transferring the risk, and the cost incurred in development can be reduced. Misunderstanding between team members is also considered an external threat, and a detailed analysis of the requirements is needed to identify the threats.
Internal threats - These threats can be managed easily, and the project manager can assign tasks to the different teams developing the modules to reduce the risk. Such threats can affect the security of the information system, and protection is necessary for its efficiency. The server used for managing the application and the database must be protected from unauthorised access (Lo & Chen, 2012). The database servers must be encrypted so that intruders cannot access the sensitive data of the VIC Government.
Risk and uncertainty differ from each other, and the following table is created for a detailed understanding.
Factors | Risk | Uncertainty |
Definition | Risk is considered a situation in which the probabilities are known for the development of the system (O’malley, 2012). The outcome and the potential of the risk cannot be preliminarily determined. | Uncertainty regarding the development of the information system is the case where the situation is unknown. Uncertainties are difficult to determine and thus the outcome cannot be expected. |
Outcome | The outcome of the risk is known or forecasted, and thus a risk mitigation plan can be created with the application of risk management models and techniques. | Due to the lack of information about the future risk, it cannot be included in the risk management plan (Peltier, 2016). The severity of the uncertainty cannot be measured and no theories are applicable. |
Control | The higher authority is responsible for controlling the situation and increasing the efficiency of the development process. | The responsibility cannot be divided and thus no control can be enforced on the uncertainty. |
Minimization | The risk can be minimized by allocating roles and responsibilities to the different development stages and monitoring the progress of development at regular intervals. | It has no option for minimization. It is required to be resolved immediately (Klaic & Golub, 2013). |
Probabilities | The risk can be categorized into two different types, symmetric and asymmetric, and the probability of the risk is very high. | The probability of the uncertainty cannot be found and the probability is low. |
There are several risks associated with the development of the information system, and they must be resolved to increase the efficiency of the developed system. A risk management plan is necessary and a guideline must be created for the development of the project (Burdon, Siganto & Coles-Kemp, 2016). The methodology described below should serve as a guide for offices but can be adjusted to individual needs. The different approaches available to VIC for risk control and mitigation are as below:
To control the risk, a leadership commitment must be made and a detailed analysis must be done of the current information system, and the following stages are applied:
Evaluation of the current requirement: The current requirements to be included in the information system are analyzed, and project management tools are used to develop a project plan for building the information system.
Examination of the project development methodology: The information system must be developed, and the project manager is responsible for assigning roles and responsibilities to each team member to reduce the risk (Rainer, Prince & Watson, 2014).
Effect of risk control: The different threats related to the growth of the VIC information system can be documented, and their priority should also be recorded in preparation for the risk control plan.
Methods of disappointment: It is the responsibility of the project manager to create a project development schedule and assign resources to each development stage. The budget of the project must also be estimated and monitored until the project is completed (Guo, 2013). The success of the project depends on its completion within the proposed time and budget.
Some risks can be mitigated after proper diagnosis of the risk and creation of a proper risk management plan, and the approaches applied for risk mitigation are listed as follows:
References
Cpdp.vic.gov.au. (2017). Retrieved 26 August 2017, from https://www.cpdp.vic.gov.au/images/content/pdf/data_security/20160628%20VPDSF%20Framework%20June%202016%20v1.0.pdf
Behnia, A., Rashid, R. A., & Chaudhry, J. A. (2012). A survey of information security risk analysis methods. SmartCR, 2(1), 79-94.
Bernardo, D. V. (2012). Security risk assessment: toward a comprehensive practical risk management. International Journal of Information and Computer Security, 5(2), 77-104.
Bompard, E., Huang, T., Wu, Y., & Cremenescu, M. (2013). Classification and trend analysis of threats origins to the security of power systems. International Journal of Electrical Power & Energy Systems, 50, 50-64.
Burdon, M., Siganto, J., & Coles-Kemp, L. (2016). The regulatory challenges of Australian information security practice. Computer Law & Security Review.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management. Cengage Learning.
Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. CRC Press.
Guo, K. H. (2013). Security-related behavior in using information systems in the workplace: A review and synthesis. Computers & Security, 32, 242-251.
Hopkin, P. (2014). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
Hull, J. (2012). Risk Management and Financial Institutions,+ Web Site (Vol. 733). John Wiley & Sons.
Klaic, A., & Golub, M. (2013). Conceptual modeling of information systems within the information security policies. J Econ Bus Manage, 1(4), 371-376.
Lo, C. C., & Chen, W. J. (2012). A hybrid information security risk assessment procedure considering interdependences between controls. Expert Systems with Applications, 39(1), 247-257.
Nassimbeni, G., Sartor, M., & Dus, D. (2012). Security risks in service offshoring and outsourcing. Industrial Management & Data Systems, 112(3), 405-440.
O’malley, P. (2012). Risk, uncertainty and government. Routledge.
Pearce, M., Zeadally, S., & Hunt, R. (2013). Virtualization: Issues, security threats, and solutions. ACM Computing Surveys (CSUR), 45(2), 17.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Pieters, W., Lukszo, Z., Hadžiosmanović, D., & van den Berg, J. (2014). Reconciling malicious and accidental risk in cyber security.
Rainer, R. K., Prince, B., & Watson, H. J. (2014). Management Information Systems. Wiley Publishing.
Rampini, A. A., Sufi, A., & Viswanathan, S. (2014). Dynamic risk management. Journal of Financial Economics, 111(2), 271-296.
Rogers, K., Boon, P. I., Branigan, S., Duke, N. C., Field, C. D., Fitzsimons, J. A., … & Saintilan, N. (2016). The state of legislation and policy protecting Australia’s mangrove and salt marsh and their ecosystem services. Marine Policy, 72, 139-155.